I have a server (server 1) which send requests to another server (server 2) where WordPress is installed and I am using their (server 2) WP REST API.

The problem is that I can't create/send wp-nonce from server 1 to server 2, and I am getting the following response:

{
"code": "rest_not_logged_in",
"message": "You are not currently logged in.",
"data": {
    "status": 401
}
}

I know that is not easy to disable nonce for REST API, but what is the proper way to send requests from another server to the WP REST API ?

I have a server (server 1) which send requests to another server (server 2) where WordPress is installed and I am using their (server 2) WP REST API.

The problem is that I can't create/send wp-nonce from server 1 to server 2, and I am getting the following response:

{
"code": "rest_not_logged_in",
"message": "You are not currently logged in.",
"data": {
    "status": 401
}
}

I know that is not easy to disable nonce for REST API, but what is the proper way to send requests from another server to the WP REST API ?

• rest-api

Share Improve this question edited May 22, 2019 at 22:19 butlerblog 5,13133 gold badges2828 silver badges4444 bronze badges asked May 22, 2019 at 20:25 gdfgdfggdfgdfg 17211 silver badge1515 bronze badges 5

• Are you trying to do this with AJAX? Could be a cross domain issue. Which you would need JSONP to do. – John Swaringen Commented May 22, 2019 at 20:33
• Nope, this is another server, which send requests when something happen on it (server 1 events) – gdfgdfg Commented May 22, 2019 at 20:38
• No I mean are the servers on the same domain? If they aren't you'll have to use CORS. See Cross Domain REST Call using CORS - blogs.mulesoft/dev/anypoint-platform-dev/… – John Swaringen Commented May 22, 2019 at 21:09
• What alternate authentication method are you using to authenticate your requests? Since you are trying to authenticate from a remote server to WordPress you can't use the native cookie method. – Derek Held Commented May 22, 2019 at 22:38
• They are on different domains, but now I am trying this plugin rest-api-oauth1 (which is free) and on the server 1 - NodeJS - Request library with OAuth 1.0a library. I think, it works. – gdfgdfg Commented May 22, 2019 at 23:05

Add a comment  | 

2 Answers 2

Sorted by: Reset to default 2

Since your specific scenario is a remote application making a request to WordPress you'll need to explore additional authentication methods available via plugins for the REST API. I won't make any specific recommendations since I don't know your use case in detail but I'm sure you will find one that works well.

Try adding the following to your theme's functions.php file at the top. This will allow you to use Cross Domain calls from your functions.php.

function add_cors_http_header(){
    header("Access-Control-Allow-Origin: *");
}
add_action('init','add_cors_http_header');